A high-severity vulnerability has been discovered in a number of Cisco routers (opens in new tab) which allows threat actors to bypass authentication, gain root access to the endpoint, and even launch arbitrary commands on the underlying operating system in the second stage of the attack.
The news comes courtesy of Cisco itself, which said it wouldn’t be addressing the flaw given that it was discovered in endpoints that have reached the end of life. The flaw, tracked as CVE-2023-20025, affects Cisco Small business RV016, RV042, RV042G, and RV082 routers. By sending a custom-built HTTP request to the web-based management interface of the vulnerable routers, the attackers could bypass the device’s authentication and remotely exploit it.
The attackers would then be able to leverage a second vulnerability, also newly disclosed CVE-2023-2002, to execute arbitrary commands on the device’s operating system.
Blocking important ports
The bugs are rated as “critical”, but Cisco will not be addressing it, mostly because the devices in question are no longer supported by the company. However, BleepingComputer found that RV042 and RV042G routers were available for sale until January 30, 2020, and will be enjoying the company’s support until January 31, 2025.
There are no workarounds for the flaw, but admins can disable the routers’ web-based management interface, or block access to ports 443 and 60443, which would help block potential attacks.
This is not the first time Cisco decided not to fix critical authentication bypass vulnerabilities. In September, BleepingComputer reminds, a similar flaw was discovered plaguing RV110W, RV130, RV130W, and RV2015W EoL. At the time, Cisco suggested customers move to RV132W, RV160, and RV160W.
In June, a critical remote code execution (RCE) flaw (tracked as CVE-2022-20825) was found and left unchecked.
Routers are a crucial component in data transit, and as such, are a major target for cybercriminals. Therefore, it’s not uncommon for cybersecurity researchers and OEMs to regularly find, and patch, high-severity flaws. However, unpatched flaws can wreak havoc on a network, as threat actors don’t have to discover new vulnerabilities themselves – they can just leverage what’s already common knowledge.
Via: BleepingComputer (opens in new tab)